Head of Global Cybersecurity

Legend Biotech is a global biotechnology company dedicated to treating, and one day curing, life-threatening diseases. Headquartered in Somerset, New Jersey, we are developing advanced cell therapies across a diverse array of technology platforms, including autologous and allogenic chimeric antigen receptor T-cell, T-cell receptor (TCR-T), and natural killer (NK) cell-based immunotherapy. From our three R&D sites around the world, we apply these innovative technologies to pursue the discovery of safe, efficacious and cutting-edge therapeutics for patients worldwide.

Legend Biotech entered into a global collaboration agreement with Janssen, one of the pharmaceutical companies of Johnson & Johnson, to jointly develop and commercialize ciltacabtagene autolecuel (cilta-cel). Our strategic partnership is designed to combine the strengths and expertise of both companies to advance the promise of an immunotherapy in the treatment of multiple myeloma.

Legend Biotech is seeking Head of Global Cybersecurity as part of the IT team based in Somerset, NJ.

Role Overview

The Head of Global Cybersecurity is a senior leadership role that will oversee and shape the organization's entire cybersecurity strategy, encompassing people, processes, and technologies. This role requires not only high-level strategic direction but also hands-on responsibility for developing and implementing cybersecurity capabilities across the organization's global operations. This role will be reported to the Head of Information Technology and will be a member of the Global IT Leadership Team.

Key Responsibilities

• Cybersecurity Strategy and Policy Development: Lead the creation of a comprehensive cybersecurity strategy aligned with global business objectives. Develop policies to protect information assets and ensure regulatory compliance. Balance security needs with operational efficiency through a risk-based approach.
• Risk Management and Threat Analysis: Identify, assess, and mitigate cybersecurity risks across all regions and systems. Develop and apply risk management frameworks, performing regular threat assessments to address vulnerabilities proactively.
• Incident Response and Recovery: Establish and maintain robust incident response protocols, including detection, response, and recovery procedures. Lead the organization through high-stakes incidents, minimizing operational impact and safeguarding data integrity.
• Solution Development Based on Risk: Develop and implement cybersecurity solutions that are tailored to the specific risk profiles. Utilize a risk-based approach to prioritize and address the most critical vulnerabilities, ensuring that resources are allocated efficiently. Continuously monitor and adapt solutions to evolving threats, maintaining a proactive stance in safeguarding the organization's assets.
• Collaboration and Reporting: Collaborate with the Global IT Leadership Team to align IT and cybersecurity initiatives, fostering a unified approach to protecting organizational assets. Report on cybersecurity performance, risk status, and incidents to executive stakeholders and the audit committee.
• Leadership and Team Management: Oversee the global cybersecurity team, including recruitment, training, and development. Promote a culture of security awareness and ensure alignment with cybersecurity goals.
• Technology and Vendor Management: Select, implement, and oversee cybersecurity technologies and solutions. Manage third-party vendor relationships to ensure compliance with organizational cybersecurity standards.
• The incumbent has the authority to make decisions related to technical direction, methodologies, approaches and processes. The person can also make decisions related to project execution, including timelines, milestones and resource allocation within budget. Higher-level approvals are required for those related to significant budget allocations, strategic shifts, or actions may involve significant risks to the company or have substantial financial or long-term implications.

Requirements

• Degree in a technology-related field or business administration.
• Professional security management certification (e.g., CISSP, CISM) preferred.
• Leadership in Multinational Corporations: Demonstrated expertise in managing cybersecurity operations across diverse regions, including China, the US, and the EU. Skilled in navigating complex regulatory frameworks and cultural nuances to ensure compliance and robust security standards.
• Technical and Strategic Expertise: Deep knowledge of cybersecurity technologies and protocols, with the ability to turn technical issues into actionable business strategies and solutions.
• Project and Budget Management: Proficient in allocating resources, managing budgets, and delivering cybersecurity projects within financial and timeline constraints.
• Relevant Certifications: Strongly preferred certifications such as CISSP, CISM, or CISA, paired with knowledge of risk frameworks like NIST and ISO 27001.
• Industry Experience: Over 15 years in information security, focusing on risk management, threat mitigation, and incident response. Knowledgeable about biotech/pharma regulations (HIPAA, FDA), including GMP and non-GMP environments.
• Vendor and Contract Management: Skilled in managing third-party cybersecurity standards and overseeing managed services.
• Communication and Integrity: Strong written and verbal communication skills, with a commitment to high ethical standards.
• Cross-Cultural Team Collaboration: Experienced in managing teams across time zones and navigating cultural nuances in cybersecurity practices.
• Global Incident Response: Proficient in coordinating incident response globally, adapting to regional legal requirements, including those in China, the EU, and the US.
• Cybersecurity Program Development: Experienced in building cybersecurity programs that prioritize risk management and advanced threat detection.
• Framework and Compliance Proficiency: Familiar with frameworks like ISO 27001, GDPR, SOX, and HIPAA for seamless regulatory alignment.
• Cloud Security and Data Residency: Expertise in cloud security and compliance with data residency laws.
• Cybersecurity Automation and AI: Knowledgeable about automation and AI in cybersecurity, mindful of regional regulatory impacts.
• Mandarin would be a plus.

#Li-LB1

#Li-Hybrid

The anticipated base pay range is:

$285,906—$375,253 USD

Benefits:

We are committed to creating a workplace where employees can thrive - both professionally and personally. To attract and retain top talent in a highly competitive industry, we offer a best-in-class benefits package that supports well-being, financial stability, and long-term career growth. Our offerings are designed to meet the diverse needs of our team members and their families, ensuring they feel valued and supported every step of the way. Highlights include medical, dental, and vision insurance as well as a 401(k)-retirement plan with company match that vest fully on day one. Equity and stock options are available to employees in eligible roles, we offer eight weeks of paid parental leave after just three months of employment, and a paid time off policy that includes 15 vacation days, 5 personal days, 5 sick days, 11 U.S. national holidays, and 3 floating holidays. Additional benefits include flexible spending and health savings accounts, life and AD&D insurance, short- and long-term disability coverage, legal assistance, and supplemental plans such as pet, critical illness, accident, and hospital indemnity insurance. We also provide commuter benefits, family planning and care resources, well-being initiatives, and peer-to-peer recognition programs - demonstrating our ongoing commitment to building a culture where our people feel empowered, supported, and inspired to do their best work.

EEO Statement

Legend Biotech is a proud equal opportunity/affirmative action employer committed to attracting, retaining, and maximizing the performance of a diverse and inclusive workforce. It is Legend's policy to ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by applicable law.

Employment is at-will and may be terminated at any time with or without cause or notice by the employee or the company. Legend may adjust base salary or other discretionary compensation at any time based on individual, team, performance, or market conditions.

Legend Biotech maintains a drug-free workplace.